Recognize rogue software and check what malicious websites are doing

Source: Internet
Author: User

1. Modify the IE Toolbar

The toolbar of IE includes tool buttons, address bar, links, and other items. Malicious webpages may add buttons on the toolbar as claimed by themselves, or add some URLs that have not been accessed to the drop-down list of the address bar, or even tamper with the title of the link bar to display some disgusting text.

To remove unnecessary buttons, the method is simple. Right-click the toolbar button and select "Custom ", select unnecessary buttons in the "current toolbar button" drop-down box and click "delete.

To remove the redundant address list, open the [HKEY_CURRENT_USERSoftwareWicrosoftInternet assumertypeurls] primary key in the registry editor and delete all key values such as "url1" and "url2" in the right window.

To fix the title of the link bar, first expand the [HKEY_CURRENT_USERSoftwareWicrosoftInternet assumertoolbar] primary key, and double-click the key value name "LinksFolderName" in the right window to change its key value to the information to be displayed, or directly Delete the key value name. The title of the link bar is restored to the default "Link.

  2. Modify the default search engine

There is a "Search" button in the IE Toolbar, which is linked to a specified search engine for network search. The button modified by a malicious webpage cannot be searched, but is linked to the webpage specified by the malicious webpage.

To fix the search engine, first expand the [HKEY_CURRENT_USERSoftwareWicrosoftInternet assumersearch] primary key. In the right window, change the URLs corresponding to the "mimizesearch" and "SearchAssistant" key values to the URLs of a search engine.

  3. Modify the IE title bar

When we browse the webpage, the title bar of IE displays the title information determined by the current webpage. However, some malicious web pages modify the registry so that IE attaches a piece of information after the title, either the name of a website or some spam ads, No matter what web pages it browses, even some politically reactionary or unsightly information.

To fix the IE Title bar, open the [HKEY_LOCAL_MACHINESoftwareWicrosoftInternet assumermain] primary key in the registry editor and delete the "Window Title" key name in the right Window.

  4. Right-click to modify or Disable IE

Some malicious web pages modify the shortcut menu of IE, add boring information, or add links to their websites, so that people will patronize their websites frequently. This is really ridiculous.

To delete the junk content from the right-click menu, open the [HKEY_CURRENT_USERSoftwareWicrosoftInternet assumermenuext] primary key in the registry editor and delete all the following junk content. You can also delete the "MenuExt" subkey directly, because the "MenuExt" sub-key is the extended content of the right-click menu, delete it, and the right-click menu is restored to the default style.

Some malicious webpages prohibit the use of right-click links to prohibit download. Expand [HKEY_CURRENT_USERSoftwarePoliciesWicrosoftInternet assumerrestrictions] primary key (note that this is Internet Explorer under the Policies Branch), and change the key value of Dword in the right window to "0, you can also delete the key value or even the "Restrictions" subkey. The "Restrictions" subkey contains some settings that limit the IE function.

Some malicious webpages are even more tricky. When you right-click a webpage, the menu is not displayed, but a dialog box is displayed to warn you not to "infringe" or force you to read their spam ads. In this case, the Registry is not modified, therefore, it is okay to exit the web page. If you need to right-click the webpage, you can use a work und: After the dialog box is displayed, press the "attribute" key on the keyboard (a key on the left of the Ctrl key on the right) do not put it. Then press the Enter key. In the displayed dialog box, press the Enter key several times. Then, open the "attribute" key and right-click the shortcut menu.

  5. A webpage or dialog box is displayed when the system is started.

If a webpage pops up when Windows is started, this is because the malicious webpage has moved to the "Start" group of Windows. In the registry, delete the corresponding project in the "Start" group.

The method is to expand the [HKEY_LOCAL_MACHINESoftwareWicrosoftWindowsCurrent VersionRun] primary key, and delete all the key value names containing url, htm, html, asp, php, and other url attributes in the right window.

A similar trick is that when Windows is started, a dialog box is displayed to display their advertisement information. Solution: Expand the [HKEY_LOCAL_MACHINESoftwareWicrosoftWindowsCurrent Version] primary key. The subkey "Winlogon" under this primary key will display a prompt box when Windows is started, you can directly Delete the sub-Key to avoid junk information during startup.

6. A new IE window pops up regularly.

In IE, a new window pops up to access other web pages at intervals, which is also a typical symptoms of malicious webpage poisoning. Malicious web pages are targeted by adding hta files to the "Startup" group of Windows. Similarly, we can delete all the items in the startup group that contain the hta file using the method described in Article 5th.

  7. Forbidden to modify the Registry

This is the best way for malicious web pages. malicious web pages modify our system. When we use the registration table editor regedit.exe to fix the registry, the system prompts "Registry Editor forbidden by the Administrator ". The attempt to use regedit.exe is banned from fixing the registry.

There are many other types of registration table editing tools besides regedit.exe. You can download a Registry Editor from the Internet, expand the [veriversionpoliciessystem] primary key, and change the key value "DisableRegistryTools" to "0 ", you can also delete the key value to use the registry editor that comes with Windows.

If no other editor is found, use NotePad to write the following three lines:

REGEDIT4 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] "disableregistrytools" = dword: 0

Stopped.

  8. download and run the trojan program

One of the most sinister ways of malicious web pages is to download and run trojan programs to control visitors' computers. This vulnerability exploits IE5.0. A malicious webpage uses a malicious code to link an eml file (an E-mail File) embedded with an exe file (Trojan ), when a visitor browses this type of web page and clicks a disguised link, the eml file is automatically downloaded and runs the exe file (Trojan), without any prompt information, everything goes quietly.

We have no good solutions to such evil actions. Only the IE version has been upgraded, because this vulnerability no longer exists in IE5.0 or later versions.

  9. format the hard disk

Malicious web pages can format your hard disk !? You are not mistaken. This is one of the most vicious tricks on malicious web pages. The consequences are terrible. Malicious web pages use IE to execute ActiveX functions and call the Format.com program in Windows to format the hard disk. Because a running parameter that is not publicly available by Microsoft is used, format.com is automatically formatted without your confirmation, and the window is in the minimized state. It is very likely that your system will be finished before you respond. This is really mean.

However, there are dangers. When you access such malicious web pages and use ActiveX functions, IE will prompt that the current page contains insecure ActivcX, which may cause harm to the system, and ask if you want to execute it. You must be vigilant. Do not select "yes" as you like. In addition, this prompt may be disguised. For example, "the browser will use the anti-virus function, avoid malicious attacks. Continue?" It's really wrong. You have to be careful when you look at the flowers in the fog. Otherwise, you will not be able to regret it.

In fact, the safest way is to rename the Format.com program on your computer, so that malicious web page calling programs have no door or behavior. In Windows, there is also a dangerous command "deltree.exe", which is used to delete the entire directory or run automatically with parameters. to prevent malicious web pages from being accessible, you may wish to rename it too.

The above are only the nine most common crimes against malicious web pages. In addition, there are also a variety of tricks, which also bring us a lot of trouble to access the Internet. In addition, the solutions proposed above are all rescue measures after being harmed by malicious webpages, and they do not guarantee that they will be okay in the future. To avoid or mitigate dangers, you must start with prevention.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.